Margaret Franco, executive director of End User Computing with the firm, told V3 that the figures showed that businesses should ensure that any bring your own device (BYOD) policy met the needs of the firm without overlooking essential data security needs.

"We would not advise customers to simply let users bring in any device at all," she told the publication. "In fact, what we've found is that customers that have allowed a BYOD policy, that have allowed end users to bring in anything that they want, 50% of those companies experienced a security breach."

"Our approach is to start with an assessment of what [the customer] wants, profiling the users and looking at the right applications for those users, and only then considering what the right kind of device is. [Companies] have two choices. They can put in place policies and [mobile data management] solutions in order to react to these trends, or they can really put together a strategy for end user computing that enables them to pro-actively address them," she said.

At the beginning of March, UK data protection watchdog the Information Commissioner's Office (ICO) published new guidance for employers on BYOD (14-page / 325KB PDF). The ICO stressed that organisations should remember that they are duty-bound to look after the personal data they are responsible for under data protection laws "regardless of the ownership of the device used to carry out the processing". Companies must ensure that devices used for work purposes are password-protected, and that data is encrypted when being transferred as well as being stored, the ICO said.

IT contracts and technology law specialist David Isaac of Pinsent Masons warned previously about the additional 'hidden risks' of the growing popularity of BYOD.

"The headlines seem to focus on data security, intellectual property ownership and privacy whenever the issue of BYOD adoption is raised," he told Out-Law.com in January. "But for businesses, an equally important concern may be to identify any hidden risks which may result from placing the capital cost of the device and ongoing data plan charges on employees, including reputational ones."

"BYOD also creates added complexity for IT support service providers as they must factor into their service propositions both devices they are not familiar with and locations they have not agreed to," he said.

BlackBerry's previous operating system, version 7.1, was cleared by the CESG in December 2012 for classifications up to 'Restricted', which is the fourth level of protection recommended for government communications. The CESG is the UK Government's national information security arm.

In a statement, the company acknowledged that there had been a delay CESG's approval of BlackBerry 10, but added that it was "continuing to work closely" with the Government. It added that the US Government, the German Procurement Office and Federal Office for Information Security had already backed the software.

"We have a long-established relationship with CESG and we remain the only mobile solution approved for use at 'Restricted' when configured in accordance with CESG guidelines," BlackBerry said. "This level of approval only comes following a process which is rigorous and absolutely necessary given the highly confidential nature of the communications being transmitted."

"We are continuing to work closely with CESG on the approval of BlackBerry 10 and we're confident that BlackBerry 10 will only strengthen our position as the mobile solution of choice for the UK government," it said.